Education vs. Certification: What Does it Take to Get into the Cyber Game?

© Gorodenkoff – Fotolia.com

© Gorodenkoff – Fotolia.com

By Brian “Mario” Maye

Cyber! Cyber! Cyber! Much ado about nothing? Well, not exactly. It seems a week doesn’t go by without our hearing about a major bank’s computer system or a celebrity’s email or Twitter account being hacked, which has increased public awareness of cyber security issues. As a 10-year veteran in the cyber security field—both as a contractor and a certification instructor, people often contact me about how to launch a cyber career.

They ask me questions like, “Should I enroll in a college program that offers a cyber security degree or should I search for a trade school and pursue a certification?” My immediate response is, “Yes and yes.” However, it is not quite that simple. Here’s why:

Cyber security careers are still relatively new, and so there are only a few undergraduate programs that can adequately prepare you for the field. Fortunately, colleges and universities are earnestly working to create or expand their curriculum to satisfy corporate demand for trained cyber security professionals. There are several higher learning institutions that offer master’s degree programs in cyber security.

Whether you have a general or specific degree—a bachelor’s or a master’s—having a college degree is always an asset when entering the job market as a college degree is a minimum hiring requirement by many employers. That is why I answer with the first “yes.” Be mindful, however, that a degree helps, but it alone it is not enough.

Now, for my second “yes.” When it comes to the field of cyber security, certification is absolutely mandatory. Although certification is not the total answer, it tells the employer that you have specialized training.

The cyber security field is like the medical field in the sense that there are many different competencies, including hacking, forensics, reverse engineering, developing cyber policies, Computer Network Attack (CNA), Computer Network Defense (CND), and many more. To a potential employer, a certification demonstrates your specialized skill set within the broader profession.

Unfortunately, not all certification programs are created equal, and some trade schools offer short cuts. The result is that individuals become certified but do not have the necessary knowledge to do the job. So yes, certification is mandatory in our field, but certification alone is not enough.

You may ask yourself, “Well, what is enough to get me into the field?” I believe many of my colleagues would agree that the answer is a hybrid of education and certification, along with selecting the competency you want to specialize in.

What are some of the challenges you may have faced or are facing entering into the cyber field? What advice do you have for others?

I look forward to hearing your experiences from which we all may learn a thing or two.

This post was originally published in August 2013.